Lucene search
K

921 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:24 a.m.6 views

CVE-2023-40053

A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously...

5CVSS6.6AI score0.00833EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:56 a.m.8 views

CVE-2023-40060

A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely...

7.2CVSS6.8AI score0.00872EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:28 a.m.7 views

CVE-2019-12769

SolarWinds Serv-U Managed File Transfer MFT Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters...

8.8CVSS7AI score0.00767EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/19 9:10 a.m.4 views

CVE-2025-40549

A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences ...

9.1CVSS7.3AI score0.01006EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/19 9:9 a.m.11 views

CVE-2025-40547

A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run...

9.1CVSS7AI score0.00836EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/19 9:9 a.m.5 views

CVE-2025-40548

A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under...

9.1CVSS6.9AI score0.00659EPSS
Exploits0References1
OSV
OSV
added 2025/11/18 9:15 a.m.7 views

CVE-2025-40548

A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under...

9.1CVSS5.9AI score0.00659EPSS
Exploits0References2
OSV
OSV
added 2025/11/18 9:15 a.m.8 views

CVE-2025-40549

A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences ...

9.1CVSS6AI score0.01006EPSS
Exploits0References2
NVD
NVD
added 2025/11/18 9:15 a.m.4 views

CVE-2025-40548

A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under...

9.1CVSS0.00659EPSS
Exploits0References2
NVD
NVD
added 2025/11/18 9:15 a.m.8 views

CVE-2025-40549

A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences ...

9.1CVSS0.01006EPSS
Exploits0References2
NVD
NVD
added 2025/11/18 9:15 a.m.5 views

CVE-2025-40547

A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run...

9.1CVSS0.00836EPSS
Exploits1References2
OSV
OSV
added 2025/11/18 9:15 a.m.11 views

CVE-2025-40547

A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run...

9.1CVSS5.9AI score0.00836EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/18 8:41 a.m.2 views

CVE-2025-40549 SolarWinds Serv-U Path Restriction Bypass Vulnerability

A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences ...

9.1CVSS6.9AI score0.01006EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/18 8:41 a.m.4 views

EUVD-2025-197928

A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences ...

9.1CVSS6.8AI score0.01006EPSS
Exploits0References3
CVE
CVE
added 2025/11/18 8:41 a.m.14 views

CVE-2025-40549

SolarWinds Serv-U is affected by a Path Restriction Bypass vulnerability (CVE-2025-40549). Reports in multiple sources indicate that an attacker with administrative privileges could bypass directory restrictions and execute code on a directory, effectively enabling remote code execution. The issu...

9.1CVSS7AI score0.01006EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/11/18 8:41 a.m.9 views

CVE-2025-40549 SolarWinds Serv-U Path Restriction Bypass Vulnerability

A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences ...

9.1CVSS0.01006EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/18 8:38 a.m.7 views

CVE-2025-40548 SolarWinds Serv-U Broken Access Control - Remote Code Execution Vulnerability

A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under...

9.1CVSS0.00659EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/18 8:38 a.m.4 views

CVE-2025-40548 SolarWinds Serv-U Broken Access Control - Remote Code Execution Vulnerability

A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under...

9.1CVSS6.6AI score0.00659EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/18 8:38 a.m.4 views

EUVD-2025-197929

A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under...

9.1CVSS6.5AI score0.00659EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/18 8:35 a.m.12 views

CVE-2025-40547 SolarWinds Serv-U Logic Abuse - Remote Code Execution Vulnerability

A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run...

9.1CVSS0.00836EPSS
Exploits1References2
Rows per page
Query Builder